mirror of
https://github.com/bitwarden/android.git
synced 2026-05-06 07:48:22 -05:00
[GH-ISSUE #6264] [BWA-213] QR code can't be scanned, while other authenticator apps can scan it instantly #21668
Open
opened 2026-04-16 22:13:58 -05:00 by GiteaMirror
·
9 comments
No Branch/Tag Specified
main
sdlc/sdk-update
new-item-types/PM-32810_bank-account-view
new-item-types/PM-32810_bank-account
beta-for-qa
BWA-253/not-displaying-totp-coded-with-empty-key
target-sdk-37
vvolkgang/renovate-remove-group
pm-34038/card-scanner-qa-fixes
PM-33982/build-device-screen
PM-30625/filter-out-empty-totp-vault-count
vvolkgang/update-jira-release-notes
new-item-types/PM-34123_new-item-menu
new-item-types/PM-32806_passport
new-item-types/PM-32808_drivers-license
BWA-99/show-next-totp
BWA-99/add-preview-next-totp-code-setting
renovate/glidecompose
chore/improve-android-ui-verification-skill
sync-min-sdk
release/2026.4-rc51
fix/security-sast-22741894-bvwj
related-origin-passkey-creation
release/2026.4-rc50
platform/android-breaking-change-detection
innovation-sprint-2026-send-folder
release/2026.3-rc49
PM-34193-vault-lockout
android-collections
llm/add-resolving-sdk-updates-skill
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
pr-6572
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
PM-28468/validate-and-navigate-to-vault-migration
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.4.0-bwa
v2026.4.0-bwpm
v2026.3.1-bwa
v2026.3.1-bwpm
v2026.3.0-bwpm
v2026.3.0-bwa
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#21668
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @pamperer562580892423 on GitHub (Dec 14, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/6264
Steps To Reproduce
https://authenticationtest.com/totpChallenge/on a desktop browser.+Scan a QR codehttps://authenticationtest.com/totpChallenge/Expected Result
The QR code gets scanned as instantly as it worked on the same phone (!) with Aegis, 2FAS, Microsoft Authenticator and Google Authenticator.
Actual Result
Out of about ten (mostly longer) attempts, only one time I could scan the QR code successfully. The other times, the QR code wasn't scanned at all. (I did not even get an error message -- it just didn't get "scanned successfully")
So, important for reproducing: try it a few times, as it might work sometimes (maybe even with the first try).
Screenshots or Videos
The TOTP code in question:
Video of one attempt, where I tried to scan the code from different distances etc.:
https://github.com/user-attachments/assets/1c68872a-4aa1-42e2-a775-9d985f36b083
Additional Context
There is an open thread on the Community Forum where other users also reported the same thing happening: https://community.bitwarden.com/t/unable-to-scan-qr-codes-bw-authenticator-app/84749
Some reports, I think, may also indicate that it could also be dependent on certain devices/phones. (I don't know if the cameras might be different, or how the authenticator app can make use of it - or both... or something entirely different)
As written before, I tried to scan that specific test code also with four other authenticator apps (Aegis, 2FAS, Microsoft Authenticator and Google Authenticator) on the same phone (!) - and could scan that code in an instant with all other four authenticator apps.
Update 1:
I now tried to scan that same TOTP code with the BW mobile app (by adding a new login item and directly scanning for adding an "authenticator key" - it's a premium BW account). And here, every scan is successful, as instantly as the other four authenticator apps. So there seems to be at least difference between the BW authenticator app and the BW Android mobile app.
The "Environment Details" of my mobile app:
© Bitwarden Inc. 2015-2025
Version: 2025.12.0 (21003)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: bitwarden/android/release/2025.12-rc40@f02b374e989600a8458d2884abd2526244241c8a
💻 build source: bitwarden/android/actions/runs/19830126705/attempts/1
🦀 SDK: 1.0.0-3928-2cca3d46
🌩 Server: 2025.12.0 @ EU
Update 2:
I found something interesting now after my "Update 1". Because I decided to scan the same QR code with the authenticator app again, after scanning it with the BW mobile app first (i.e. just scanning it there like described in my Update 1, but changing directly after the successful scan to the authenticator app and trying to scan the code there as well). And guess what: when I do that, suddenly the authenticator app can scan that QR code successfully every time I tried it (I stopped after about five attempts - so, now all those five attempts were successful, where before, almost all attempts failed)
PS: Of course, the TOTP code here is only one example where the scan fails. I wonder what makes some codes fail and others not (or which devices have problems with some TOTP codes while other devices don't have issues at all with the same codes).
Build Version
2025.11.1 (1083)
What server are you connecting to?
EU
Self-host Server Version
No response
Environment Details
Issue Tracking Info
@bitwarden-bot commented on GitHub (Dec 14, 2025):
Thank you for your report! We've added this to our internal board for review.
ID: BWA-213
@pamperer562580892423 commented on GitHub (Dec 14, 2025):
Haha, already an update: I just got authenticator app 2025.12.0 (1114) on my phone... And now with that new version, my "QR code in question" gets scanned instantly.
I'm aware, that this issue now probably will get closed - as the whole case I brought is gone now - but I would like to point out that in the Community Forum thread there is at least one user who reports that even with authenticator app 2025.12.0 they would have a success rate of scanning QR codes of 0% (!) - besides the other reports in the past.
So I can only suggest that this issue should still be further investigated.
Addition: I also now had the chance to test this QR code in question with two other phones (Motorola, Android 16) and authenticator app version 2025.11.1 again, and at least I could reproduce that those two phones also are not able to scan that QR code successfully. - I hope I have a chance to scan that QR code again, when those two phones get authenticator app 2025.12.0.
@SergeantConfused commented on GitHub (Dec 14, 2025):
Hello @pamperer562580892423,
Thank you for that detailed report. I tested this on Android 14 with Bitwarden Authenticator 2025.11.1 and I was able to reproduce this somewhat. Upon first launching the Authenticator, it is able to scan the QR code in this GitHub report, but any subsequent attempts to scan it fail regardless if I deleted the saved TOTP seed or not; however, if I open the Task Switcher and dismiss the Authenticator and launch it anew, it is then able to scan the QR again even if it already is saved in (it saved another identical TOTP seed). I have flagged this to the Engineering team.
Please feel free to post additional information, such as screenshots or a screen video recordings, if you wish.
Thank you again,
@pamperer562580892423 commented on GitHub (Dec 14, 2025):
@SergeantConfused Thanks for your thoughtful and thorough testing.
I can already add, that for those two Motorola devices I also tested this with (authenticator app version 2025.11.1), I definitely was not able to scan the QR code at all - so, not even with the first attempt, after first launch of the app. (and as the password manager app is not used on those phones, I also didn't try my workaround from "Update 2" of the original post)
For my own phone (FP5) on authenticator app 2025.11.1 (!), I'm not sure if it was the first or a following attempt, where it worked... (only with my "workaround" / "Update 2", I could consistently scan the code every time then)
In sum, this looks very inconsistent across devices, and whatever other conditions. I think this should be kept in mind for further testing and reproducing.
@pamperer562580892423 commented on GitHub (Dec 16, 2025):
@SergeantConfused Short update.
One of the two Motorola phones got authenticator app 2025.12.0 yesterday. And out of about 8 attempts, I could scan the QR code from the original post zero (!) times now. (Moto G9 play, Android 16 / latest Lineage OS)
The user from the linked community forum thread who said they would have a success (!) rate of 0% (!) also has a Motorola device - those were their details:
That's only two instances and could be totally random - but I would also investigate a possible "Motorola incompatibility".
(though, I'm also still wondering what makes some QR codes scannable / unscannable - and if some QR codes have some problematic characteristics... at least for some cameras / devices / "drivers" / "software" or whatever...)
@pamperer562580892423 commented on GitHub (Dec 17, 2025):
@SergeantConfused Another short update: I now could also with the second Motorola phone (also Moto G9 play, Android 16 / latest LineageOS) and authenticator app 2025.12.0 (!) test our QR code here: as expected, it doesn't scan the code. (I only made about five attempts now)
So, summary for "my" two Motorola devices: both mentioned Moto G9 play phones can't scan "our" TOTP QR code at all - both with authenticator app versions 2025.11.1 and 2025.12.0, not one single attempt was successful. (but I also didn't try my "workaround" / "Update 2" from the original post with the Motorola phones!)
@pamperer562580892423 commented on GitHub (Jan 24, 2026):
@SergeantConfused Update for authenticator app version 2025.12.1 (1138).
With all three devices that I mentioned and tested before (my FP5/Android 15, and the two Motorola G9 play/LineageOS with Android 16), I now tried again to scan the code from my original post here. 10 times with each device. Results:
I think we agree that it can't be a "random event", that both Motorola devices fail to scan that code so many times and with different versions of the authenticator app...
@Bottommmm commented on GitHub (Mar 9, 2026):
I’m experiencing the same issue.
My device is a Vivo X200s running Android 16.
Bitwarden version: 2026.2.1 (21297)
Authenticator version: 2026.2.1 (1363)
☹️☹️
@pamperer562580892423 commented on GitHub (Mar 9, 2026):
@Bottommmm Can you scan the QR code that is included in my original post here? If you can't - could you try it a few times? (as you can see above, with the two Moto G9 play devices within my reach, it really failed not just a few times, but more like every time)
PS: Latest test with the QR code from my OP above and with BW authenticator app 2026.2.1 (1363):